With the following privacy policy, we would like to explain to you what types of personal data we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").
This privacy policy was last updated on 17.07.2024.
A. GENERAL INFORMATION ON DATA PROCESSING
1. responsible person and data protection officer
PM 3D Tec GmbH
Schelmenwasenstraße 37
70567 Stuttgart
E-mail address: info@karlos-3d.com
Any data subject can contact Markus Frasch as the contact person for data protection at any time with any questions or suggestions regarding data protection (a company data protection officer has not been appointed as there is no legal requirement for one). You can reach him at the above address and at datenschutz@karlos-3d.com
2. principles of data processing and storage duration
2.1 Legal bases for the processing of personal data
Insofar as we obtain your consent for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a GDPR is the legal basis for the processing of personal data. You can revoke any consent with effect for the future.
When processing personal data that is required to fulfill a contract with you or your company, Art. 6 para. 1 sentence 1 lit. b GDPR is the corresponding legal basis. This also applies to processing operations that are already relevant pre-contractually.
Insofar as the processing of your personal data is necessary to fulfill one of our legal obligations, Art. 6 para. 1 sentence 1 lit. c GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh our legitimate interest, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for the processing.
2.2 Overview of processing
The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.
Types of data processed:
Inventory data, payment data, location data, contact data, content data, contract data, usage data, meta, communication and process data.
Categories of data subjects:
Customers, interested parties, communication partners, users, business and contractual partners.
Purposes of Processing:
Provision of contractual services and performance of contractual obligations, contact requests and communication, Security measures, Direct marketing, Web Analytics, Office and organizational procedures, Managing and responding to inquiries, Feedback, Marketing, Profiles with user-related information, Provision of our online services and usability, Information technology infrastructure.
2.3 Storage and deletion of data
As a matter of principle, we only store personal data for as long as the specific purpose of storage requires. If the purpose of storage ceases to apply, your data will be deleted or its processing restricted.
However, European regulations, applicable national laws or other provisions may require us to store the data we process for longer. If these storage periods expire, we will erase your data or restrict its processing.
2.4 Recipients of data
We will generally only disclose your personal data to service providers, business partners and other third parties within the framework of the applicable data protection laws and inform you of this in accordance with legal requirements.
We may disclose personal data to service providers and oblige them to perform services on our behalf (order processing). In doing so, we observe the strict applicable national and European data protection regulations. The service providers are subject to our instructions and are subject to strict contractual restrictions with regard to the processing of personal data. Accordingly, processing is only permitted insofar as it is necessary for the performance of services on our behalf or to comply with legal requirements. We will determine in advance exactly what rights and obligations the service providers should have with regard to personal data.
We may disclose personal data to other third parties if this is required by law or legal process or in order to provide the services we offer on the website. We may also be required to provide information to a law enforcement agency or other public authority. We are also authorized to disclose data if the forwarding of information is necessary for cooperation and thus the provision of services to you or if you give your consent.
2.4.1 Categories of recipients
Personal data may be transferred to the following recipients or categories of recipients:
- Internal company recipients (e.g. for processing for specific purposes within the relevant departments)
- Cooperation partners with whom we provide services
- External processors within the meaning of Art. 28 GDPR
- Companies for which we provide services
- Courts Authorities or other state institutions, insofar as legal obligations exist
- Auditors
3. your rights
If we process your personal data, you are a "data subject" within the meaning of the GDPR. As a data subject, you have the following rights vis-à-vis us:
3.1 Right to information regarding the processing
You can request information from us at any time within the framework of the statutory provisions as to whether personal data is processed by us. If this is the case, you have the right to request information about the scope of the data processing (see Art. 15 GDPR). Please note that the right to information may be restricted in certain legal circumstances.
3.2 Right to rectification
You have the right to obtain from us the rectification and/or completion of your data if the personal data processed concerning you is inaccurate or incomplete (see Art. 16 GDPR).
3.3 Right to restriction of processing
If the conditions for this are met, you can request the restriction of the processing of your personal data (see Art. 18 GDPR).
3.4 Right to erasure
You have the right to obtain from us the erasure of personal data concerning you without undue delay where the requirements for this are met. The right to erasure does not exist, for example, if the processing is necessary (see Art. 17 GDPR).
3.5 Right to information
If you have exercised your right to rectification, erasure or restriction of processing against us, we are obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. The controller will inform these recipients if you request this (see Art. 19 GDPR).
3.6 Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another company without hindrance from us, provided that the conditions for this are met (see Art. 20 GDPR).
3.7 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Article 6(1) GDPR (Article 21(1) GDPR). The consequence of the objection is that we will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
3.8 Right to revoke the declaration of consent under data protection law
If you have issued a declaration of consent under data protection law, you can revoke this at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
3.9 Right to lodge a complaint with a data protection supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes applicable data protection laws.
4. safety standards
We have implemented appropriate physical, technical and administrative security standards to protect personal data from loss, misuse, alteration or destruction. All service providers and affiliated companies are contractually obliged to maintain the confidentiality of personal data. In addition, they may not use the data for purposes that have not been authorized by us.
As the security of your data is important, your entire visit is processed via a secure TLS connection. If personal data is collected, the data transfer is also TLS-encrypted. The TLS encryption process protects your data from unauthorized access as it travels over the Internet.
5. international data transfers
Data processing in third countries: If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the legal requirements. If the level of data protection in the third country has been recognized by means of an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data will only be transferred if the level of data protection is otherwise ensured, in particular through standard contractual clauses (Art. 46 para. 2 lit. c) GDPR), express consent or in the case of contractual or legally required transfer (Art. 49 para. 1 GDPR). In addition, we will inform you of the basis for third country transfers with the individual providers from the third country, whereby the adequacy decisions take precedence. Information on third country transfers and existing adequacy decisions can be found in the information provided by the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.
EU-US Trans-Atlantic Data Privacy Framework: As part of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the level of data protection for certain companies from the USA as secure within the framework of the adequacy decision of 10.07.2023. The list of certified companies as well as further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English). As part of the data protection information, we will inform you which service providers we use are certified under the Data Privacy Framework.
6. amendment of the privacy policy
We may update this Privacy Policy from time to time to ensure that it always complies with current legal requirements or to reflect changes to our website services (e.g. introduction of new services). You can see whether anything has changed since your last visit from the date in the first paragraph of this privacy policy.
B. DATA PROCESSING ON THE WEBSITE
1. web hosting - log data / log files
We process users' data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or end device.
Processed data types: Usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, consent status).Data subjects: Users (e.g. .e.g. website visitors, users of online services).Purposes of processing: provision of our online services and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).). Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
1.1 Further information on processing operations, procedures and services:
Provision of online offer on rented storage space: For the provision of our online offer, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also called "web host"); legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Collection of access data and log files: Access to our online offer is logged in the form of so-called "server log files". The server log files may include the address and name of the websites and files accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files may be used for security purposes, e.g. to avoid overloading the servers (especially in the event of abusive attacks, so-called DDoS attacks) and to ensure the utilization of the servers and their stability; legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.
Services in the field of the provision of information technology infrastructure and related services (e.g. storage space and/or computing capacity): Service provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR);
Website: https://www.hetzner.com;
Privacy Policy: https://www.hetzner.com/de/rechtliches/datenschutz.
Data processing agreement: https://docs.hetzner.com/de/general/general-terms-and-conditions/data-privacy-faq/.
2. cookies, pixels and similar technologies
2.1 General information on cookies, pixels and similar technologies
When you use our website, various types of cookies are used and stored on your end device. Cookies are small text files that are stored on your end device when you visit our website. We receive various information when cookies are set.
In addition to cookies, some services also use so-called "tracking pixels". A pixel is a 1 x 1 pixel graphic that is not visible to the average viewer, but is nevertheless included in the service. The pixel can be used to track certain events if you or the program you are using downloads the graphic.
Some services use "device and browser fingerprinting". Device and browser fingerprinting attempts to identify website visitors based on specific settings of the respective browser or the device used to access the website. Fingerprinting carried out in this way can include the following data, for example:
- the browser type and version;
- the operating system of the end device;
- the language;
- the time zone;
- the activated plugins;
- the installed fonts;
- the screen resolution;
- the CPU class;
- the device memory;
- and other values that can be derived from the device or browser. browser.
Insofar as we obtain consent for the storage of this information in your end device, Section 25 (1) TTDSG is the relevant legal basis for this. The same applies if the information already stored in your terminal equipment is accessed.
If the sole purpose of the storage or access is to carry out the transmission of a message via a public telecommunications network, the legal basis is Section 25 (2) No. 1 TTDSG.
If the storage or access is absolutely necessary so that we can provide a service expressly requested by you, Section 25 (2) No. 2 TTDSG is the relevant legal basis.
In the following, we will inform you about the relevant legal bases in the specific case. For the subsequent processing of personal data, we base the processing on one of the legal bases of the GDPR specified above.
We use the types of cookies listed below on our website.
Essential cookies
Certain cookies are technically necessary for the proper operation and functioning of our website and the proper display of content. These "essential cookies" cannot be deselected because our website cannot be offered without them.
Statistics cookies
We use cookies to statistically record the use of our website, e.g. to measure the reach and attractiveness of our offer. You do not have to select these cookies.
Marketing cookies
Marketing services are used by third-party providers or publishers to display personalized advertising. They do this by tracking visitors across websites.
External content
We integrate external content, such as maps and videos, in order to expand and optimize the functionality of our offerings and make them more convenient for you to use. The providers of this external content use cookies and similar technologies. You do not have to accept the cookies and similar technologies used for this purpose, but you will not be able to use the extended functions provided by the integrated external content on the website. You can also make a corresponding setting in your browser cookie settings. However, this may limit the functionality of our website.
2.2 Objection / Revocation
Cookies are stored on your end device. You can decide at any time whether you want to delete the cookies from your device. Through the settings in your browser, you can determine yourself whether the transmission of cookies from your device to us should be deactivated, restricted or the cookies deleted altogether. If you deactivate all cookies for our website, you may no longer be able to use all the functions of the website to their full extent.
You also have the option of adjusting your cookie settings directly on our website. If you have given your consent to cookies and other technologies, you can revoke this at any time via our Consent Management Platform by unchecking the relevant box and clicking on the "Save" button.
2.3 Google Maps API
We integrate the maps of the "Google Maps" service of the provider Google. Data is transmitted to Google regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your Google profile, you must log out before activating the button.
Google stores your data as user profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based, customer-oriented advertising and to inform other users of the Google network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google directly to exercise this right.
For this processing, our cooperation with Google is based on an agreement on joint responsibility in accordance with Art. 26 GDPR. The agreement can be found at the following link: https://privacy.google.com/intl/de/businesses/mapscontrollerterms/
The external fonts of the "Google Fonts" service are also integrated into Google Maps. When you access the Google Maps service, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must establish a connection to Google's servers. If your browser does not support the fonts, a standard font will be used by your end device. According to Google, the data transmitted by Google Fonts in connection with the page view is sent to resource-specific domains. According to Google's own statements, the data is not associated with other data that may be processed in connection with the parallel use of authenticated Google services, such as Gmail.
Processing company:
Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google")
Data processing purposes: Display of interactive maps directly on the website, convenient use of the dealer search using a map function in your area
Provision of fonts
Technology used: API, cookies
Data collected: Your IP address, location information, date and time of the request, access status / HTTP status code, content of the request or the transmitted search terms (specific page), time zone difference to Greenwich Mean Time (GMT), data on your location, website from which the request comes, your browser type, your operating system and its interface, language setting and version of the browser software
Legal basis: Section 25 para. 1 TTDSG and Art. 6 para. 1 sentence 1 lit. a GDPR
Place of processing: Worldwide
Retention period: The fonts required for the service are usually stored on the end devices for one year in order to improve the loading times of the websites. Further information on how Google handles your data can be found in the data protection information: https://policies.google.com/privacy?hl=de.
Data recipients: Google Ireland Limited, Google LLC, Alphabet Inc.
Transfer to third countries: United States of America. Google also processes your personal data in the USA and relies on the so-called standard contractual clauses of the European Commission, further information on this can be found at https://policies.google.com/privacy/frameworks?hl=de.
Objection/revocation: You have the option of deactivating the Google Maps service in a simple manner and thus preventing the transfer of data to Google: To do this, deactivate JavaScript in your browser. However, we would like to point out that you will not be able to use the map display in this case. You can revoke your consent at any time for the future by unchecking the "External content" box in our cookie banner and then clicking "Save".
Data protection provisions of the processing company: Further information on the purpose and scope of data collection and processing by Google can be found in Google's privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: https://policies.google.com/privacy?hl=de.
2.4 YouTube videos
Plugins from www.youtube.com are integrated on our website. We use embedded YouTube videos in extended data protection mode. YouTube describes its mode of operation as follows: "With the extended data protection mode, you can embed YouTube videos without cookies being set to analyze user behavior. This means that no data on user activity is collected in order to personalize video playback. Instead, video recommendations are based on the current video. Videos played in enhanced privacy mode do not affect which videos are recommended to a user on YouTube".
Cookies are therefore only set by YouTube when you actively activate the playback of an embedded video. Further information on this can be found at https://support.google.com/youtube/answer/171780?hl=de.
When you access pages on our website that have a YouTube plugin, a connection to the YouTube servers is established and the plugin is displayed on the website by notifying your browser. This tells the YouTube server which of our pages you have visited. If you are logged in as a member of YouTube, YouTube assigns this information to your personal user accounts on these platforms. When using these plugins, such as clicking/starting a video or sending a comment, this information is assigned to your YouTube user account, for example, which you can only prevent by logging out before using the plugin.
Processing company: Google Inc,1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google")
Data processing purposes: Show videos
Technology used: Cookies (if "Privacy-Enhanced Mode" is not activated)
Data collected: IP address, referrer URL, device information, videos viewed, geo-data, user behavior
Legal basis: § 25 para. 1 TTDSG and Art. 6 para. 1 sentence 1 lit. a GDPR
Place of processing: Worldwide
Retention period: For more information on how YouTube handles your data, please refer to YouTube's privacy policy at the following link: https://policies.google.com/privacy?hl=de.
Data recipients: Alphabet Inc, Google LLC, Google Ireland Limited
Transfer to third countries: United States of America
Objection/revocation: You can revoke your consent at any time for the future by unchecking the "External content" box in our cookie banner and then clicking on "Save".
Data protection provisions of the processing company: Further information on the collection and use of data by the platform or plugins can be found in YouTube's data protection information at the following link: https://policies.google.com/privacy?hl=de.
YouTube videos are integrated via a special domain (recognizable by the component "youtube-nocookie") in the so-called "extended data protection mode", whereby no cookies are collected on user activities in order to personalize the video playback. Nevertheless, information about the user's interaction with the video (e.g. remembering the last playback point) may be stored; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy. Basis for third country transfers: Data Privacy Framework (DPF).
2.5 Google reCAPTCHA
To protect the contact form from bot registrations and other spam mechanisms via the contact form available on the website, we use the reCAPTCHA service. The query is used to distinguish whether the input is made by a human or abusively by automated, machine processing. To do this, Google uses cookies and makes use of device and browser fingerprinting technology.
Processing company: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data processing purposes: Protection against automated data entry by bots
Technology used: Cookies, browser and device fingerprinting
Data collected: IP address, click behavior, time spent on the website, website visitor behavior, browser language, user input, JavaScript objects, browser plug-ins, date and time of visit
On our behalf, Google will only use this information to evaluate your use of this service. The IP address transmitted by your browser as part of reCAPTCHA will not be merged with other Google data.
Legal basis: Section 25 (1) TTDSG and Art. 6 (1) sentence 1 lit. a GDPR
Place of processing: Worldwide
Retention period: We will only process your data for as long as is necessary for the purpose of data collection (in this case to prevent misuse of our website). You can find more information on how your data is handled at: http://www.google.com/intl/de/policies/privacy/.
Data recipients: Alphabet Inc, Google LLC, Google Ireland Limited
Transfer to third countries: United States of America.
However, due to the IP anonymization used on this website, your IP address will be shortened by Google within member states of the EU or in other signatory states to the EEA Agreement beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. So-called standard contractual clauses have been concluded as suitable guarantees. Further information on this can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_de.
Objection/revocation: You can revoke your consent at any time for the future by unchecking the box "External content" in our cookie banner and then clicking on "Save".
Data protection regulations of the processing company: Further information on Google's data protection guidelines can be found at: http://www.google.com/intl/de/policies/privacy/.
2.6 Google Analytics (web tracking - hosted by Google)
We use Google Analytics to measure and analyze the use of our online offer on the basis of a pseudonymous user identification number. This identification number does not contain any unique data, such as names or e-mail addresses. It is used to assign analysis information to an end device in order to recognize which content users have called up within one or more usage processes, which search terms they have used, which they have called up again or which they have interacted with our online offering. The time of use and its duration are also stored, as well as the sources of the users who refer to our online offer and technical aspects of their end devices and browsers.
Pseudonymous profiles of users are created with information from the use of various devices, whereby cookies can be used. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides rough geographic location data by deriving the following metadata from IP addresses: City (and the city's inferred latitude and longitude), Continent, Country, Region, Subcontinent (and ID-based counterparts). For EU traffic, IP address data is used exclusively for this derivation of geolocation data before it is immediately deleted. It is not logged, is not accessible and is not used for other purposes. When Google Analytics collects measurement data, all IP queries are performed on EU-based servers before the traffic is forwarded to Analytics servers for processing;
service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Security measures: IP masking (pseudonymization of the IP address); Privacy Policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms/; Basis for third country transfers: Data Privacy Framework (DPF); Opt-Out: Opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=de; Settings for the display of advertisements: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (types of processing and processed data).
3. contact form
We offer you the opportunity to contact us via a contact form on the website. If you contact us via the contact form, the data entered in the fields will be transmitted to us and stored. This includes in particular your name, your e-mail address and all other data entered in the fields.
The legal basis for the processing and transmission of the data entered via the contact form is Art. 6 para. 1 sentence 1 lit. a, b or f GDPR. The processing and transmission of the personal data entered in the contact form is solely for the purpose of processing your request and contacting you. This is in our interest. This may also involve initiating a contract.
The data will be deleted as soon as it is no longer required for the purpose for which it was collected and the deletion does not conflict with any statutory archiving obligations. Data processing for the purpose of processing the inquiry via the contact form is terminated in any case when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
Service provider:
HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA;
Website: https://www.hubspot.de; Privacy Policy: https://legal.hubspot.com/de/privacy-policy; Data processing agreement: https://legal.hubspot.com/dpa. Basis for third country transfers: Data Privacy Framework (DPF)
4. jobs and career
You can apply for the advertised positions either by post or by e-mail to the postal or e-mail address stated in the respective job advertisement. As part of your application process, we process the data that you provide to us. This may include the following data in particular:
- Your full name
- Your full address
- Your telephone number
- Your e-mail address
- Your possible starting date and, if applicable, period of notice - Your salary expectations - Your application photo - Your date of birth - Your place of birth - Your nationality - Your gender - Your application documents notice period
- your salary expectations
- your application photo
- your date of birth
- your place of birth
- your nationality
- your gender
- your application documents such as cover letter, certificates, CV
- details of your school education, studies, vocational training and further training
- your language skills
- your IT skills
- other qualifications and your motivation
- details of your professional background
Data processing as part of the application process serves to decide on the establishment of an employment relationship. The primary legal basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR or Section 26 para. 1 BDSG or comparable national regulations. Personal data will only be processed for purposes related to your interest in current or future employment and the processing of your application.
All employees entrusted with data processing are obliged to maintain the confidentiality of your data. Under no circumstances will other third parties obtain knowledge of your data unless we inform you of this in this declaration. If we are unable to offer you employment, the data you provide will be stored for up to four months after rejection for the purpose of answering questions in connection with your application and rejection, unless other statutory retention obligations apply.
C. SOCIAL MEDIA
1. data processing by social media platforms in general
We operate publicly accessible company profiles on social media platforms to provide information about our news, events and to give insights into the company. The social media platforms also enable us to contact you as a user/visitor. You can find out on which platforms we operate a company profile in section 6 below.
Social media platforms such as Facebook, etc. can generally analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media sites results in numerous data protection-relevant processing operations. The respective social media platforms can provide us with anonymized statistics and insights about interactions with our posts, among other things. From this information, we can recognize whether our website has been reached by users/visitors from the respective platform via our company profile and, among other things, the age/gender groups (the latter only for logged-in users). We have no influence over the data transmitted to us and cannot stop the social media platforms from doing so. We use the data transmitted to us to optimize our posts and our website and to be able to design them according to the interests of our website visitors.
The social media platforms store cookies on your end device or record your IP address. This serves to evaluate the data of the visit to the social media platform and our company profile for statistical and market research purposes and can help to optimize future advertising measures on the part of the social media platforms. It is possible that the social media platforms themselves may use the data collected about the user behaviour of users/visitors to display personalized advertising, which can be displayed on all devices on which you are/were logged in.
If you are logged in to a social media platform when you visit our company profile, the data from your visit to our company profile may be assigned to your account and linked to the data in this account. We would like to point out that it is possible that social media platforms may collect your data even if you do not have an account.
Depending on the platform, further processing operations may be carried out. For further details, please refer to the terms of use and data protection notices of the respective social media platforms.
2. legal basis
We have a legitimate interest in the operation of the company profile and the processing of your data in order to be able to design and implement the contemporary possibilities of information and communication accordingly. The legal basis in this case is Art. 6 para. 1 sentence 1 lit. f GDPR.
If you contact us via the message function or via the e-mail address stored in our company profile, we will store your user profile ID or e-mail address as well as other data provided by you. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR, insofar as the contact is about initiating a contract or contract-related topics. We also have a legitimate interest in processing your data in order to be able to respond to your request, Art. 6 para. 1 sentence 1 lit. f GDPR.
The analysis procedures used by the social media platforms may be based on different legal bases, which must be specified by the operators of the social media platforms (e.g. consent within the meaning of Art. 6 para. 1 sentence 1 lit. a GDPR, consent can be revoked there at any time).
3. responsible person
According to a decision of the European Court of Justice, fan page operators (including us) are joint controllers within the meaning of the GDPR together with the social media platform.
Due to the collection and storage of data (and user data) by the social media platforms, you can also assert your rights against the respective platform. You can find your rights towards us in the previous sections.
4. storage duration
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected and the deletion does not conflict with any statutory or contractual archiving obligations. If you contact us via the message function or the e-mail address stored in the company profile, the conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
With the respective buttons "unsubscribe" and remove the "follow button" (or "I no longer like this page") you can terminate the connection to our company profile and the associated processing of your data.
The storage period and which data is stored by the individual social media platforms are described below.
5. type of data
We may process inventory data of your social media account with the social media platform (e.g. first and last name, address, email address, telephone number, gender, age, date of birth), usage data (e.g. websites visited, interest in content) and content data (e.g. photos, videos, text entries).
6 Company profiles on social media platforms in detail
We operate company profiles on the following social media platforms.
6.1 YouTube
We have a profile on YouTube. The (joint) controller under data protection law is Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, ("YouTube"). For persons living in the USA or Canada, it is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. According to YouTube and Google, the data collected is also transferred to the USA and other third countries. YouTube and Google also use analysis tools (including Google Analytics).
According to YouTube and Google, Google uses legal frameworks and other measures to guarantee an appropriate level of data protection.
If you wish to deactivate advertising cookies from YouTube and Google, please use the following link: https://adssettings.google.com/ or directly: https://adssettings.google.com/authenticated.
For details on how they handle your personal data, please refer to YouTube's privacy policy: https://support.google.com/youtube/answer/7585465?hl=de and the privacy policy: https://policies.google.com/privacy.
6.2 LinkedIn
We operate a company profile on LinkedIn. The (joint) controller under data protection law is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. For persons living in the USA or Canada, it is LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085 USA ("LinkedIn"). According to LinkedIn, the data collected is also transferred to the USA and other third countries. LinkedIn uses advertising cookies. LinkedIn also uses analysis tools from other companies, including Google Analytics.
According to LinkedIn's own information, LinkedIn uses standard contractual clauses approved by the European Commission and takes other measures in accordance with EU law to legitimize data transfers from the EEA to the USA and other countries.
Details can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
We have concluded a special agreement with LinkedIn Ireland ("Page Insights Joint Controller Addendum (the 'Addendum')", https://legal.linkedin.com/pages-joint-controller-addendum ), which regulates in particular which security measures LinkedIn must observe and in which LinkedIn has agreed to fulfill the rights of data subjects (i.e. users can, for example, send information or deletion requests directly to LinkedIn). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with LinkedIn. The joint responsibility is limited to the collection of data by and transfer to Ireland Unlimited Company, a company based in the EU. Further processing of the data is the sole responsibility of Ireland Unlimited Company, which relates in particular to the transfer of data to the parent company LinkedIn Corporation in the USA.
7. sharing content on social media platforms
If you decide to share the content of our website on social networks, the data protection provisions of the respective social media platform apply.
No plugins provided by the social networks Facebook, Twitter, Pinterest etc. are integrated on our website. An automatic transfer of user data to the operators of these platforms does not take place on our website.